[oe-commits] [meta-openembedded] 01/16: php: fix CVE-2019-11043
git at git.openembedded.org
git at git.openembedded.org
Sun Dec 8 16:15:02 UTC 2019
This is an automated email from the git hooks/post-receive script.
armin_kuster pushed a commit to branch zeus-next
in repository meta-openembedded.
commit 635b211e0f93b9830bd450b0c089d512aa9bba8f
Author: Slater, Joseph <joe.slater at windriver.com>
AuthorDate: Tue Nov 12 13:22:44 2019 -0800
php: fix CVE-2019-11043
Backport unmodified patch from git.php.net. Fixed in php 7.3.11.
Signed-off-by: Joe Slater <joe.slater at windriver.com>
Signed-off-by: Joe Slater <joe.slater at windriver.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../recipes-devtools/php/php/CVE-2019-11043.patch | 38 ++++++++++++++++++++++
meta-oe/recipes-devtools/php/php_7.3.9.bb | 1 +
2 files changed, 39 insertions(+)
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
new file mode 100644
index 0000000..7e20063
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
@@ -0,0 +1,38 @@
+From ab061f95ca966731b1c84cf5b7b20155c0a1c06a Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka at php.net>
+Date: Sat, 12 Oct 2019 15:56:16 +0100
+Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
+
+CVE: CVE-2019-11043
+
+Fixed in php version 7.3.11.
+
+Upstream-Status: Backport [https://git.php.net/repository/php-src.git]
+
+Signed-off-by: Joe Slater <joe.slater at windriver.com>
+---
+ NEWS | 4 +-
+ sapi/fpm/fpm/fpm_main.c | 4 +-
+ .../tests/bug78599-path-info-underflow.phpt | 61 +++++++++++++++++++
+ sapi/fpm/tests/tester.inc | 11 +++-
+ 4 files changed, 75 insertions(+), 5 deletions(-)
+ create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
+
+diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
+index 24a7e5d56a..50f92981f1 100644
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1209,8 +1209,8 @@ static void init_request_info(void)
+ path_info = script_path_translated + ptlen;
+ tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
+ } else {
+- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
+- tflag = (orig_path_info != path_info);
++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
++ tflag = path_info && (orig_path_info != path_info);
+ }
+
+ if (tflag) {
+--
+2.17.1
+
diff --git a/meta-oe/recipes-devtools/php/php_7.3.9.bb b/meta-oe/recipes-devtools/php/php_7.3.9.bb
index a5c7b9b..e886cb1 100644
--- a/meta-oe/recipes-devtools/php/php_7.3.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.3.9.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://0001-acinclude.m4-don-t-unset-cache-variables.patch \
file://0001-Use-pkg-config-for-libxml2-detection.patch \
file://debian-php-fixheader.patch \
file://CVE-2019-6978.patch \
+ file://CVE-2019-11043.patch \
"
SRC_URI_append_class-target = " \
file://pear-makefile.patch \
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list